author | binary <me@rgoncalves.se> | 2021-03-17 20:53:31 +0100 |
---|---|---|
committer | binary <me@rgoncalves.se> | 2021-03-17 20:53:31 +0100 |
commit | edfeb6401af135348ddd38518a27be3e8ec51f6a (patch) | |
tree | a179029da1de48d7a8edf7e4a4c7902324f9e751 /roles/wireguard/tasks/main.yml | |
parent | 3e8b7f77311d32fd11e05d6f11d454aa40ed0aec (diff) | |
Make wireguard unreachables/failures free
Diffstat (limited to 'roles/wireguard/tasks/main.yml')
-rw-r--r-- | roles/wireguard/tasks/main.yml | 66 |
1 files changed, 15 insertions, 51 deletions
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 9875457..5b48998 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -4,55 +4,22 @@ --- -- name: generate dynamic facts - include: set_facts.yml +- name: set local directory for wireguard output + set_fact: + wg_dir: "{{ inventory_dir }}/files/wireguard" -- name: check keys on local disk - stat: - path: "{{ wg_host_keys }}" - register: stat_host_keys - delegate_to: localhost +- name: set local config files for wireguard output + set_fact: + wg_dcontroller_conf: "{{ wg_dir }}/{{ global.dcontroller }}.conf" + wg_dcontroller_keys: "{{ wg_dir }}/{{ global.dcontroller }}.keys" + wg_host_conf: "{{ wg_dir }}/{{ ansible_host }}.conf" + wg_host_keys: "{{ wg_dir }}/{{ ansible_host }}.keys" -- name: generate host keys - shell: | - umask 077 - wg genkey | tee "{{ wg_host_keys }}" | wg pubkey >> "{{ wg_host_keys }}" - args: - chdir: "{{ wg_dir }}" - when: not stat_host_keys.stat.exists or force is defined and force - delegate_to: localhost +- name: include configuration generation + include_tasks: generate.yml -- name: create wireguard dir on remote host - file: - path: /etc/wireguard - owner: "{{ user_root }}" - group: "{{ group_root }}" - mode: 0700 - state: directory - ignore_unreachable: true - -- name: generate client configuration - template: - src: host.conf.j2 - dest: "{{ item.path }}" - mode: 0600 - when: ansible_host != global.dcontroller - delegate_to: "{{ item.name }}" - loop: - - { name: "{{ ansible_host }}", path: "/etc/wireguard/{{ global.dcontroller }}.conf" } - - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host }}.conf" } - ignore_unreachable: true - -- name: generate server configuration - template: - src: dcontroller.conf.j2 - dest: "{{ item.path }}" - mode: "0600" - when: ansible_host == global.dcontroller - delegate_to: "{{ item.name }}" - loop: - - { name: "{{ ansible_host }}", path: "/etc/wireguard/{{ global.dcontroller }}.conf" } - - { name: localhost, path: "{{ wg_dir }}/{{ ansible_host }}.conf" } +- name: include configuration synchronization + include_tasks: synchronize.yml - name: enable wireguard for freebsd 
lineinfile: @@ -78,9 +45,6 @@ ignore_errors: true when: ansible_distribution != "FreeBSD" -- name: generate server interface - template: - src: templates/hostname.j2 - dest: /etc/hostname.tun0 +- name: include server setup + include_tasks: server.yml when: ansible_host == global.dcontroller - |
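Review bot: The `wg_host_keys` and `wg_dcontroller_keys` facts added in the second `set_fact` task of the first hunk point at files under `{{ inventory_dir }}/files/wireguard`, and the removed `wg genkey | tee "{{ wg_host_keys }}"` task shows that a `.keys` file holds the WireGuard private key, yet nothing left in main.yml restricts access to that directory. The `umask 077`, the `mode: 0700` on `/etc/wireguard` and the `mode: 0600` on the rendered configs all leave this file with the removed tasks; they presumably moved to generate.yml and synchronize.yml, which are not part of this hunk, so confirm they survived the move. I would add a task directly after the first `set_fact` that creates `wg_dir` on the controller with mode `"0700"`, as sketched below. Because the directory sits inside the inventory tree, it should also be excluded from version control or encrypted with ansible-vault so private keys are not committed by accident.

```yaml
# … unchanged: "set local directory for wireguard output" set_fact task …

- name: restrict local wireguard output directory
  file:
    path: "{{ wg_dir }}"
    state: directory
    mode: "0700"
  delegate_to: localhost
  run_once: true

# … unchanged: "set local config files" set_fact, include generate.yml / synchronize.yml …
```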